Prevent SSH password attacks using denyhosts package

When I saw this in my daily log report, I was like WTF! Script kiddies are having fun. A little bit of Googling and I installed the denyhosts package on Fedora Core 7. Here’s the step-by-step guide.

shell>yum install denyhosts
shell>/etc/init.d/denyhosts start

Most probably denyhosts is already set to start on server restarts. However, make sure that’s the case by running:

shell>chkconfig denyhosts on

The denyhosts package checks the /var/log/secure log file at a fixed interval, and when it finds a match (illegal login attempts, etc.) it adds an entry to the /etc/hosts.deny file. Each entry in /etc/hosts.deny pairs a network daemon with a client IP (or hostname), in a format that looks like this:

daemon_name: X.Y.Z.W
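
The watch-and-deny cycle described above, sketched as an added example (not code from this post or from denyhosts itself): it counts failed sshd password attempts per address in a constructed log sample and produces the hosts.deny lines for addresses at or over a threshold. The regular expression, the threshold of 3 and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the style of sshd lines in /var/log/secure
# (addresses from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
Sep 10 03:12:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Sep 10 03:12:03 host sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Sep 10 03:12:05 host sshd[2105]: Failed password for root from 203.0.113.7 port 40131 ssh2
Sep 10 03:15:40 host sshd[2140]: Failed password for alice from 198.51.100.23 port 51514 ssh2
Sep 10 03:15:52 host sshd[2141]: Accepted password for alice from 198.51.100.23 port 51520 ssh2
Sep 10 03:20:11 host sshd[2188]: Failed password for invalid user oracle from 192.0.2.44 port 33010 ssh2
Sep 10 03:20:13 host sshd[2189]: Failed password for invalid user oracle from 192.0.2.44 port 33014 ssh2
Sep 10 03:20:15 host sshd[2190]: Failed password for invalid user oracle from 192.0.2.44 port 33018 ssh2
"""
EXISTING_DENY = "sshd: 192.0.2.44\n"  # constructed /etc/hosts.deny content
THRESHOLD = 3  # hypothetical: failures before an address is denied

# The user name is client-supplied, so the address is read from the fixed
# tail of the line, anchored at the end.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from "
    r"(\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def failed_counts(log_text):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def new_deny_entries(log_text, existing_deny, daemon="sshd", threshold=THRESHOLD):
    """hosts.deny lines for addresses at/over threshold and not yet listed."""
    already = set()
    for line in existing_deny.splitlines():
        name, sep, client = line.partition(":")
        if sep and name.strip() == daemon:
            already.add(client.strip())
    return [f"{daemon}: {ip}"
            for ip, n in sorted(failed_counts(log_text).items())
            if n >= threshold and ip not in already]

if __name__ == "__main__":
    print(dict(failed_counts(SAMPLE_LOG)))
    print(new_deny_entries(SAMPLE_LOG, EXISTING_DENY))
```

The address that failed once and then logged in successfully stays below the threshold, and the address already present in the deny file is not written a second time.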

After installing the denyhosts package, you can tweak the configuration by modifying the /etc/denyhosts.conf file. Here’s what I changed essentially

This entry was posted on Wednesday, September 10th, 2008 at 10:12 am and is filed under Linux.